The aftermath of NotPetya
Companies hobbled from cyberattack that targeted Ukraine
Some of these companies are actually using pieces of paper to write down credit card numbers.
It’s crazy.
Dave Kennedy
HOUSTON: Many businesses still struggled to recover hopelessly scrambled computer networks, collateral damage from a massive cyberattack that targeted Ukraine three days ago.
The Heritage Valley Health System couldn’t offer lab and diagnostic imaging services at 14 community and neighbourhood offices in western Pennsylvania.
DLA Piper, a London-based law firm with offices in 40 countries, said on its website that e-mail systems were down; a receptionist said e-mail hadn’t been restored by the close of business day.
Dave Kennedy, a former Marine cyberwarrior who is now CEO of the security company TrustedSec, said one US company he is helping is rebuilding its entire network of more than 5,000 computers.
“It hit everything, their backups, servers, their workstations, everything,” he said.
“Everything was just nuked and wiped.”
Kennedy added, “Some of these companies are actually using pieces of paper to write down credit card numbers. It’s crazy.”
The cyberattack that began on Tuesday brought even some Fortune 1000 companies to their knees, experts say.
Kennedy said a lot more “isn’t being reported by companies who don’t want to say that they are hit.”
The malware, which security experts are calling NotPetya, was unleashed through Ukraine tax software, called MeDoc.
Customers’ networks became infected downloading automatic updates from its maker’s website.
Many customers are multinationals with offices in the eastern European nation.
The malware spread so quickly, worming its way automatically through interconnected private networks, as to be nearly unstoppable.
What saved the world from digital mayhem, experts say, was its limited business-to-business connectivity with Ukrainian enterprises, the intended target.
Had those direct connections been extensive – on the level of a major industrial nation – “you are talking about a catastrophic failure of all of our systems and environments across the globe. I mean it could have been absolutely terrifying,” Kennedy said.
Microsoft said NotPetya hit companies in at least 64 nations, including Russia, Germany and the United States. Victims include drug giant Merck & Co and the shipping company FedEx’s TNT subsidiary.
One major victim, Danish shipping giant AP Maersk-Moller, said on Friday that its cargo terminals and port operations were “now running close to normal again.”
Back in Ukraine, the pain continued. Officials assured the public that the outbreak was under control, and service has been restored to cash machines and at the airport.
But some bank branches remain closed as information-technology professionals scrambled to rebuild networks from scratch.
One government employee said she was still relying on her iPhone because her office’s computers were “collapsed”.